DETAILED ACTION

Claims 1-21 are pending for examination. 
Claims 1-5 and 8-21 are amended. 
Claims 1-21 are rejected. 

Response to Arguments 

1. Applicant's arguments with regard to claims 1, 8, and 15, filed 30 July 2008 have
been fully considered but they are not persuasive. Applicant argues that cited reference 
Cook (US 6 961 783) does not teach all the limitations of the claim. Examiner disagrees, 
as explained in further detail below. 

2. Applicant's arguments with respect to claims 2, 9, and 16 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1, 8, and 15 are rejected under 35 U.S.C. 102(e) as being anticipated by
US 6 961 783, Cook et al (previously cited). 

5. As per claims 1, 8, and 15, Cook teaches a name/address translation device,
method, and computer-readable medium recording a program (abstract) comprising: 

an identifying unit for identifying, when a query about an address corresponding 
to a name of a communication destination is received from a communication source, 
which of a private network and a global network the communication source and the 
communication destination belong to each (column 6, line 61 to column 7, line 7, where 
the device has multiple network interfaces, where the inside interface may be connected
to a private network, while the outside interface is connected to a public network such 
as the Internet. In addition, each interface is fitted appropriately for communication with 
media, logic, and memory to communicate with the various media types. This logic and 
difference between internal and external private and public networks allows the device 
to distinguish between the network types of the source and destination by which 
interfaces the communications are associated with); 

a judging unit judging, based on a result of identification by the identifying unit, 
whether or not to allow to give a response including the address corresponding to the 
name of the communication destination to the communication source of the query 
(column 5, lines 23-34, where the system access list may require device verification in 
order to respond with the requested address. This verification serves to judge whether 
the requesting device is allowed access to the destination address); and 

a sending unit sending the response to the communication source when the 
judging unit judges that it is allowable to give the response (column 5, lines 1-10, where 
the DNS server resolves the domain name into an IP address and forwards it to the 
requesting client). 

Claim Rejections - 35 USC § 103 

6. Claims rejected under 35 U.S.C. 103(a) as being unpatentable over US 6 961 
783, Cook et al as applied to claims 1, 8, and 15 above, and further in view of US
2003/0172145, Nguyen.

7. As per claims 2, 9, and 16, Cook further teaches a searching unit for searching
for an address of the communication destination to be given to the communication 
source as a response to the query when the identifying unit identifies that the 
communication source belongs to the private network and that the communication 
destination belongs to the public network (column 5, lines 1-10, where the DNS server 
resolves the IP address of the requested domain name for a client requesting an 
Internet IP address. This, along with column 6, line 61 to column 7, line 7, where the 
device has multiple network interfaces, where the inside interface may be connected to 
a private network, while the outside interface is connected to a public network such as 
the Internet, shows that the client on a private address may request the public IP 
address of a domain name from the domain name server); and 

a sending unit for sending the response containing the address of the 
communication destination to the communication source when the searching unit 
searched the address of the communication destination, and rejecting the query when 
the identifying unit identifies that the communication source belongs to the second 
network and the communication destination belongs to the first network (column 5, lines 
1-10, where the DNS server resolves the domain name into an IP address and forwards 
it to the requesting client, along with Figure 3, also column 7, lines 20-22, where the 
address is not returned if the source is not allowed to access the destination).

Cook does not expressly teach rejecting the query when it comes from a global network
for a private network. Nguyen teaches a system for providing internet service 
comprising:

a sending unit sending a response to a query when the searching unit searches
for a query, and rejecting the query when the identifying information identifies that the 
communication source belongs to a global network and the communication destination 
belongs to a private network (paragraph 532, where the split DNS prevents internal host 
names and addresses from being revealed over the internet). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a split DNS such as taught by Nguyen in a DNS system such as taught by 
Cook. Cook's system provides access control lists such that a DNS query may be 
rejected based on access rights. Nguyen's system splits the DNS response units such 
that external and internal addresses are preserved within their domains. Splitting 
domains such as taught by Nguyen would prove beneficial in that private addresses 
would not be sent over the global network, adding security (Nguyen, paragraph 532). 

As per claims 3, 10, and 17, Cook further teaches the sending unit invalidates 
sending the response, if there is no application of which a use is permitted in a 
communication between the communication source and the communication destination 
when the identifying unit identifies that the communication source belongs to the private 
network and the communication destination belongs to the global network (column 7, 
lines 20-22, where the address is not returned if the source is not allowed to access the 
destination). 

8. Claims 4-7, 11-14, and 18-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 6 961 783, Cook et al and US 2003/0172145, Nguyen as applied 
to claims 2, 9, and 16 above, and further in view of US 7 093 288, Hydrie et al
(previously cited). 

9. As per claims 4, 11, and 18, neither Cook nor Nguyen expressly teaches a system
with firewall or packet filtering in conjunction with the DNS service. Hydrie teaches a 
system of network communication containing a packet filtering system and method 
comprising: 

a notifying unit notifying, when a response containing a second terminal 
corresponding to the communication destination belonging to the second network is 
given to a first terminal corresponding to the communication source belonging to the 
first network, a routing device of passage information for letting a data pass through that 
are forwarded between the first terminal and the second terminal, the routing device 
receiving the data forwarded between the first network and the second network and 
letting only the data with its passage permitted pass through, and effecting an address 
translation between the first network and the second network (column 4, lines 25-40, 
where the filters are accessed by the controller, and thus the controller becomes aware 
of the passage rules, and either allows or denies communication between devices).

It would have been obvious to one of ordinary skill in the art at the time of the invention
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access
list. 

10. As per claims 5, 12, and 19, Hydrie further teaches

wherein the notifying unit notifies the routing device of passage information 
containing a first network address used in the first network that is virtually assigned to 
the second terminal and a second network address that the second terminal uses on 
the second network, so that the routing device translates, when a data transmitted from 
the second terminal passes through, the second network address a source address 
included in the data into the first network address (column 4, lines 42-50 show the 
virtualization data, which includes a map of the virtual devices. This map contains 
information on the communication source and destination, and also contains translation 
information for translating the virtual addresses to real addresses), and 

wherein the sending unit sends a response containing the first network address 
so that the first terminal adds the first network address as a destination address to a 
data addressed to the second terminal to transmit the data addressed to the second 
terminal, and that the routing device translates, when the data addressed to the second
terminal passes through, the destination address into the second network address (column 4,
lines 60-64 show that the network mediator uses the mapped addresses contained in
the virtualization data to convert the addresses and forwards the communication).

11. As per claims 6, 13, and 20, Hydrie further teaches the notifying unit notifies the
routing device of the passage information further containing information about an 
application of which the utilization is permitted in the communication between the first
terminal and the second terminal in order for the routing device to let only the data pass 
through which is based on the application of which the utilization is permitted between 
the first terminal and the second terminal (Hydrie teaches this limitation. Column 6, lines 
40-50 show an example of the system working with multiple filters, where one filter 
restricts the communication between two devices to a particular protocol).

It would have been obvious to one of ordinary skill in the art at the time of the invention
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. In particular, restricting access to a particular protocol would provide further 
security, as even with a connection, a device would not have full control over another 
device. 

12. As per claims 7, 14, and 21, Hydrie further teaches wherein the notifying unit
notifies, before the sending unit sends the address of the second terminal, the routing 
device of the passage information (Hydrie teaches this limitation. Column 4, lines 25-40 
show that the passage information is maintained in the filter list, thus providing a stable 
source of the passage information which can be accessed at any time).

It would have been obvious to one of ordinary skill in the art at the time of the invention
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571) 270-1191. The examiner can normally be reached on Monday through Thursday,
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn, can be reached on (571) 272-3922. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 